Google trends for RFID: biggest peak just after Melanie published her paper.

2 bio public transportation system was hacked in and 8-week project by students. Amsterdam.

Issues: same company designing and auditing the back-end security of the system. *steph-booth: gosh, what do people imagine?*

People in charge don’t listen about these issues until they’re demonstrated.

Melanie has worked on a device that does penetration tests and acts as a firewall for RFID.

Can spoof and jam RFID tags.

Listens to the first part of the query trying to figure out what it wants to do, and if it’s something not allowed, it sends out random noise (selective jamming). Filter inbound and outbound queries.

Security: RFID fuzzing.

All the hard work for cloning public transport passes has been done. Just needs to be put together.

The RFID Guardian is being commercialised now (so it’s not just students who are dangerous now).

Companies and governments assume that these attacks are going to stay in labs. They need to wake up. Why put the tools into the hands of the bad guys? The bad guys are going to have the tools any way, it’s time for the good guys to have access (full disclosure). If computer scientists have the right tools they might be able to prevent lots of these attacks. We need an RFID security industry.